Postfix

------

#  dnf -y install mailx mutt postfix* nmap

cp /etc/postfix/main.cf /etc/postfix/main.cf.ORG

cp /etc/postfix/master.cf /etc/postfix/master.cf.ORG

# vi /etc/postfix/main.cf

135  # inet_interfaces = localhost

138  # inet_protocols = all

183  # mydestination = $myhostname, localhost.$mydomain, localhost

709 # smtpd_tls_cert_file = /etc/pki/tls/certs/postfix.pem

715 # smtpd_tls_key_file = /etc/pki/tls/private/postfix.key

 myhostname = mail.worldcm.tk

 mydomain = worldcm.tk

 myorigin = $mydomain

 inet_interfaces = all

 inet_protocols = ipv4

 mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain

 mynetworks = 127.0.0.0/8, 10.0.0.0/24

 home_mailbox = Maildir/

 smtpd_banner = $myhostname ESMTP

 message_size_limit = 10485760                   # email size for 10M

 mailbox_size_limit = 1073741824                 # mailbox for 1G

### SMTP-Auth setting

 smtpd_sasl_type = dovecot

 smtpd_sasl_path = private/auth

 smtpd_sasl_auth_enable = yes

 smtpd_sasl_security_options = noanonymous

 smtpd_sasl_local_domain = $myhostname

### SSL

smtpd_use_tls = yes

smtpd_tls_cert_file = /etc/pki/tls/certs/server.crt

smtpd_tls_key_file = /etc/pki/tls/certs/server.key

smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache

### SSL

 smtpd_use_tls = yes

 smtp_tls_mandatory_protocols = !SSLv2, !SSLv3

 smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3

 smtpd_tls_cert_file = /etc/letsencrypt/live/mail.worldcm.tk/fullchain.pem

 smtpd_tls_key_file = /etc/letsencrypt/live/mail.worldcm.tk/privkey.pem

 smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache

 smtpd_recipient_restrictions = 

                 permit_mynetworks, 

                 permit_auth_destination, 

                 permit_sasl_authenticated, 

                 reject

[root@mail ~]#  systemctl enable --now postfix

[root@mail ~]# vi /etc/postfix/master.cf

     16 #tlsproxy  unix  -       -       n       -       0       tlsproxy

     17 submission inet n       -       n       -       -       smtpd

     18    -o syslog_name=postfix/submission

     19 #  -o smtpd_tls_security_level=encrypt

     20    -o smtpd_sasl_auth_enable=yes

     21 #  -o smtpd_tls_auth_only=yes

     22 #  -o smtpd_reject_unlisted_recipient=no

     23 #  -o smtpd_client_restrictions=$mua_client_restrictions

     24 #  -o smtpd_helo_restrictions=$mua_helo_restrictions

     25 #  -o smtpd_sender_restrictions=$mua_sender_restrictions

     26 #  -o smtpd_recipient_restrictions=

     27 #  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject

     28 #  -o milter_macro_daemon_name=ORIGINATING

     29 smtps     inet  n       -       n       -       -       smtpd

     30    -o syslog_name=postfix/smtps

     31    -o smtpd_tls_wrappermode=yes

     32    -o smtpd_sasl_auth_enable=yes

     33 #  -o smtpd_reject_unlisted_recipient=no

     34 #  -o smtpd_client_restrictions=$mua_client_restrictions

     35 #  -o smtpd_helo_restrictions=$mua_helo_restrictions

     36 #  -o smtpd_sender_restrictions=$mua_sender_restrictions

     37 #  -o smtpd_recipient_restrictions=

     38 #  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject

     39 #  -o milter_macro_daemon_name=ORIGINATING

     40 #628       inet  n       -       n       -       -       qmqpd

[root@mail ~]# vi /etc/dovecot/conf.d/10-ssl.conf

# line 8: change (if set SSL required, specify [required])

ssl = yes

# line 14,15: specify certificates

ssl_cert = </etc/letsencrypt/live/mail.worldcm.net/fullchain.pem

ssl_key = </etc/letsencrypt/live/mail.worldcm.net/privkey.pem

[root@mail ~]# systemctl restart postfix dovecot

----